ISACA Cybersecurity Fundamentals Certification Practice Exam


Discover the essentials of the ISACA Cybersecurity Fundamentals Certification. Engage with flashcards and MCQs, with hints and explanations, to ensure exam readiness!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What function does a Web-application firewall perform?

  1. It provides encryption for all web traffic

  2. It applies rules to a specific web application at the OSI model's higher level

  3. It acts as a backup for web server data

  4. It serves as a basic access control for all devices

The correct answer is: It applies rules to a specific web application at the OSI model's higher level

The role of a Web Application Firewall (WAF) is to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It is specifically designed to understand and enforce rules at the higher levels of the OSI model, particularly Layer 7, the application layer. By applying a set of predefined rules, a WAF can analyze incoming requests and outgoing responses for malicious content, such as SQL injection, cross-site scripting (XSS), and other web application attacks. This function is crucial for defending against common attacks that target application-level flaws, and so for securing the web application itself.

Considering the other options: encryption for web traffic is an important security measure, but it is not the primary function of a WAF. Backup of web server data is an entirely separate function that relates to data recovery and availability rather than security. Basic access control for all devices is a network-level control rather than an application-level one, and the application level is the domain of a WAF. This confirms that the option describing application-level rules is the most accurate.